Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-10
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-21
Updated
2024-02-22
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0 - 3.0.12 and 3.1.0 - 3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux; org.springframework.boot:spring-boot-actuator is on the classpath.
Max CVSS
6.5
EPSS Score
0.04%
Published
2023-11-28
Updated
2023-12-21
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-09-27
Updated
2023-09-29
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex-encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment, non-admin users do not have access to the platform system audit logs.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-26
Updated
2023-08-03
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling, leading to sensitive information disclosure.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-05-30
Updated
2023-06-05
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-05-12
Updated
2023-05-24
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-05-12
Updated
2023-06-02
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Max CVSS
6.0
EPSS Score
0.10%
Published
2023-04-25
Updated
2023-05-04
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-05-26
Updated
2023-06-02
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-04-13
Updated
2023-04-21
In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Max CVSS
6.5
EPSS Score
0.18%
Published
2023-04-13
Updated
2023-04-21
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Max CVSS
6.3
EPSS Score
0.09%
Published
2023-04-19
Updated
2023-08-23
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-03-23
Updated
2023-04-20
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor with access to a user's rooted device may be able to bypass the VMware Workspace ONE Content passcode.
Max CVSS
6.8
EPSS Score
0.08%
Published
2023-02-28
Updated
2023-03-09
VMware Workspace ONE Assist prior to 22.10 contains a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
Max CVSS
6.1
EPSS Score
0.06%
Published
2022-11-09
Updated
2022-11-10
VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only may create a denial of service condition on the host.
Max CVSS
6.5
EPSS Score
0.04%
Published
2022-10-07
Updated
2022-10-11
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-05
Updated
2022-08-11
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Max CVSS
6.5
EPSS Score
0.08%
Published
2022-07-12
Updated
2024-02-04
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Max CVSS
6.5
EPSS Score
0.05%
Published
2022-07-14
Updated
2024-02-04
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
Max CVSS
6.6
EPSS Score
0.10%
Published
2022-05-11
Updated
2022-05-19
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
Max CVSS
6.5
EPSS Score
0.63%
Published
2022-05-12
Updated
2022-10-05
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
Max CVSS
6.5
EPSS Score
0.06%
Published
2022-06-16
Updated
2022-06-27
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Max CVSS
6.5
EPSS Score
0.08%
Published
2022-04-01
Updated
2022-06-22
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Max CVSS
6.5
EPSS Score
1.42%
Published
2022-03-29
Updated
2022-04-08
136 vulnerabilities found